Amendments to the Claims:

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims:

1. (Previously Presented) A method for allowing proxies in an integrated
Identity System and Access System, comprising the steps of: 

receiving from a user of the integrated Identity System and Access System a 
request for the user to be a proxy for an administrator of the integrated Identity System and 
Access System; 

associating said user with one or more credentials of said administrator without 
authenticating said user as said administrator; 

allowing said user to use said Identity System as said administrator based on said 
one or more credentials of said administrator; and 

allowing said user to use said Access System to access resources based on one or 
more credentials of said user but not the one or more credentials of said administrator. 

2. (Previously Presented) A method according to claim 1, wherein said step 
of receiving a request includes the steps of: 

providing a notification to said user of an ability to be said proxy for said 
administrator; and 

receiving a request from said user to be said proxy for said administrator. 

3. (Original) A method according to claim 2, wherein: 
said notification includes an email. 

4. (Original) A method according to claim 2, wherein: 
said notification includes a display page for said Identity System.

5. (Previously Presented) A method according to claim 1, wherein said step 
of receiving a request includes the step of: 

receiving an indication from said administrator that said user can be said proxy 
for said administrator. 

6. (Previously Presented) A method according to claim 1, wherein said step 
of receiving a request includes the steps of: 

providing a list of potential proxy candidates; 

providing a search mechanism to add more candidates to said list of potential 
proxy candidates; and 

receiving a selection of one or more of said potential proxy candidates, including 
a selection of said user. 

7. (Previously Presented) A method according to claim 1, wherein:
said credentials of said administrator include a distinguished name for said
administrator.

8. (Previously Presented) A method according to claim 1, wherein: 

said credentials of said administrator include identity profile attributes for said
administrator.

9. (Previously Presented) A method according to claim 1, wherein: 

said step of associating includes storing an identification of said administrator in a 
data element used to identify said user. 

10. (Previously Presented) A method according to claim 1, wherein:

said step of associating includes storing an identification of said administrator in a 
cookie for said user. 

11. (Previously Presented) A method according to claim 1, wherein:

said step of associating includes using an identification of said administrator to 
identify said user. 

12. (Previously Presented) A method according to claim 1, wherein said step 
of associating includes the steps of: 

accessing an Identity System cookie for said user, said Identity System cookie 
stores an identification of said user; 

storing said identification of said user from said step of accessing in a second
cookie; and

storing an identification of said administrator in said Identity System cookie for
said user.



13. (Previously Presented) A method according to claim 12, further 
comprising the steps of: 

receiving a request to terminate said user being a proxy for said administrator; 
accessing said identification of said user in said second cookie; and 

storing said identification of said user in said Identity System cookie for said user. 



14. (Previously Presented) A method according to claim 12, further 
comprising the steps of: 

receiving a request from said user to access said Identity System; 
determining whether said Identity System cookie for said user exists; 

providing access to said Identity System for said user if said Identity System 
cookie for said user exists; and 
authenticating said user and creating said Identity System cookie if said Identity
System cookie for said user does not exist prior to said step of determining, said step of creating 
includes adding said identification of said user to said Identity System cookie. 

15. (Previously Presented) A method according to claim 12, wherein said step 
of allowing includes the steps of: 

receiving a request from said user to access a service in said Identity System; 
accessing said identification of said administrator in said Identity System cookie; 

accessing attributes for said administrator based on said identification of said 
administrator in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said administrator. 



16. (Previously Presented) A method according to claim 1, wherein: 

said steps of receiving, associating and allowing are performed without said user 
providing a password for said administrator. 

17. (Previously Presented) A method according to claim 1, wherein:

said step of associating verifies that said administrator is a delegated administrator 
having a right to be proxied. 

18. (Previously Presented) A method according to claim 1, further comprising
the step of:

delegating a right to be proxied to said administrator, said step of associating 
verifies that said administrator has said right to be proxied. 

19. (Canceled) 

20. (Canceled) 
21. (Canceled)

22. (Previously Presented) A method according to Claim 1, wherein: 

said steps of associating and allowing provide for said user to be said proxy for 
said administrator in said Identity System but does not provide for said user to be said proxy for 
said administrator in said Access System. 

23. (Currently Amended) A method according to claim 1, wherein: 
said step of associating includes the steps of: 

accessing an Identity System cookie for said user, said Identity System 
cookie stores an identification of said user, and 

storing an identification of said administrator in said [[an]] Identity 
System cookie for said user; 

said Access System uses an Access System cookie for said user, said Identity 
System cookie is separate from said Access System cookie; and 

said Access System cookie for said user does not store an indication of said
administrator.

24. (Previously Presented) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

receiving from a user of an integrated Identity System and Access System a 
request for the user to be a proxy for an administrator of the integrated Identity System and 
Access System; 

associating said user with one or more credentials of said administrator without 
authenticating said user as said administrator; 

allowing said user to use said Identity System as said administrator based on said 
one or more credentials of said administrator; and 

allowing said user to use said Access System to access resources based on one or
more credentials of said user but not the one or more credentials of said administrator. 



25. (Previously Presented) One or more processor readable storage devices 
according to claim 24, wherein: 

said credentials of said administrator include identity profile attributes for said
administrator.

26. (Previously Presented) One or more processor readable storage devices 
according to claim 24, wherein: 

said step of associating includes storing an identification of said administrator in a 
data element used to identify said user. 

27. (Previously Presented) One or more processor readable storage devices 
according to claim 24, wherein: 

said step of associating includes the steps of: 

accessing an Identity System cookie for said user, said Identity System 
cookie stores an identification of said user, 

storing said identification of said user from said step of accessing in a
second cookie, and

storing an identification of said administrator in said Identity System 
cookie for said user; and 

said method further comprises the steps of: 

receiving a request to terminate said user being a proxy for said
administrator,

accessing said identification of said user in said second cookie, and
storing said identification of said user in said Identity System cookie for
said user.

28. (Previously Presented) One or more processor readable storage devices
according to claim 27, wherein said step of allowing includes the steps of: 

receiving a request from said user to access a service in said Identity System; 
accessing said identification of said administrator in said Identity System cookie; 

accessing attributes for said administrator based on said identification of said 
administrator in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said administrator.

29. (Previously Presented) One or more processor readable storage devices 
according to claim 24, wherein: 

said steps of receiving, associating and allowing are performed without said user 
providing a password for said administrator. 

30. (Previously Presented) One or more processor readable storage devices 
according to claim 24, wherein: 

said steps of associating and allowing provide for said user to be said proxy for 
said administrator in said Identity System but does not provide for said user to be said proxy for 
said administrator in said Access System. 

31. (Previously Presented) One or more processor readable storage devices
according to claim 24, wherein: 

said step of associating includes the steps of: 

accessing an Identity System cookie for said user, said Identity System 
cookie stores an identification of said user, and 

storing an identification of said administrator in said Identity System
cookie for said user;

said Access System uses an Access System cookie for said user, said Identity
System cookie is separate from said Access System cookie; and 

said Access System cookie for said user does not store an indication of said
administrator.

32. (Previously Presented) An apparatus comprising: 
one or more communication interfaces; 

one or more storage devices; and 

one or more processors in communication with said one or more storage devices 
and said one or more communication interfaces, said processors adapted to provide an integrated 
Identity System and Access System and to perform a method comprising the steps of 

receiving from a user of the integrated Identity System and Access System 
a request for the user to be a proxy for an administrator of the integrated Identity System and 
Access System, 

associating said user with one or more credentials of said administrator 
without authenticating said user as said administrator, 

allowing said user to use said Identity System as said administrator based 
on said one or more credentials of said administrator, and 

allowing said user to use said Access System to access resources based on 
one or more credentials of said user but not the one or more credentials of said administrator. 

33. (Previously Presented) An apparatus according to claim 32, wherein: 
said credentials of said administrator include identity profile attributes for said
administrator.

34. (Previously Presented) An apparatus according to claim 32, wherein: 
said step of associating includes storing an identification of said administrator in a
data element used to identify said user.

35. (Previously Presented) An apparatus according to claim 32, wherein: 



OID-2005- 162-02 



Page 9 of 19 



Appl. No. 09/998,916 PATENT 

Amdt. dated: June 27. 2006 

Reply to Office Action of April 5, 2006 

said step of associating includes the steps of: 

accessing an Identity System cookie for said user, said Identity System 
cookie stores an identification of said user; 

storing said identification of said user from said step of accessing in a
second cookie, and

storing an identification of said administrator in said Identity System 
cookie for said user; and 

said method further comprises the steps of:

receiving a request to terminate said user being a proxy for said
administrator;

accessing said identification of said user in said second cookie, and
storing said identification of said user in said Identity System cookie for
said user.

36. (Previously Presented) An apparatus according to claim 35, wherein said 
step of allowing includes the step of: 

receiving a request from said user to access a service in said Identity System; 
accessing said identification of said administrator in said Identity System cookie; 

accessing attributes for said administrator based on said identification of said 
administrator in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said administrator. 

37. (Previously Presented) An apparatus according to claim 32, wherein: 
said steps of receiving, associating and allowing are performed without said user
providing a password for said administrator.

38. (Previously Presented) An apparatus according to claim 32, wherein: 




said steps of associating and allowing provide for said user to be said proxy for 
said administrator in said Identity System but does not provide for said user to be said proxy for 
said administrator in said Access System. 

39. (Previously Presented) An apparatus according to claim 32, wherein: 
said step of associating includes the steps of: 

accessing an Identity System cookie for said user, said Identity System 
cookie stores an identification of said user, and 

storing an identification of said administrator in said Identity System
cookie for said user;

said Access System uses an Access System cookie for said user, said Identity 
System cookie is separate from said Access System cookie; and 

said Access System cookie for said user does not store an indication of said
administrator.

40. (Previously Presented) A method for allowing proxies in an integrated 
Identity System and Access System, comprising the steps of: 

receiving from an administrator of the integrated Identity System and Access 
System an indication that a user of the integrated Identity System and Access System can be a 
proxy for the administrator; 

receiving an indication from said user to become said proxy for said
administrator;

accessing an Identity System cookie for said user, wherein said Identity System 
cookie stores an identification of said user; 

storing an identification of said administrator in said Identity System cookie for
said user;

allowing said user to use said Identity System as said administrator based on said 
identification of said administrator in said Identity System cookie for said user; and 

allowing said user to use said Access System to access resources based on an 
Access System cookie for the user, wherein the Access System cookie is separate from said 
Identification System cookie and the Access System cookie does not store an identification of
said administrator. 

41. (Canceled) 

42. (Previously Presented) A method according to claim 40, wherein: 
said step of accessing includes the steps of 

storing said identification of said user in a second cookie, and 
said method further comprises the steps of: 

receiving a request to terminate said user being a proxy for said
administrator,

accessing said identification of said user in said second cookie, and
storing said identification of said user in said Identification System cookie
for said user.

43. (Previously Presented) A method according to claim 42, wherein said step 
of allowing said user to use said Identity System as said administrator includes the steps of 

receiving a request from said user to access a service;

accessing said identification of said administrator in said Identification System
cookie;

accessing attributes for said administrator based on said identification of said 
administrator in said Identification System cookie; and 

providing access to said service based on said attributes for said administrator. 

44. (Previously Presented) A method according to claim 40, wherein: 

said steps of receiving, associating and allowing are performed without said user 
providing a password for said administrator. 

45. (Previously Presented) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method
comprising the steps of: 

receiving from an administrator of an integrated Identity System and Access 
System an indication that a user of the integrated Identity System and Access System can be a 
proxy for the administrator; 

receiving an indication from said user to become said proxy for said
administrator;

accessing an Identity System cookie for said user, wherein said Identity System 
cookie stores an identification of said user; 

storing an identification of said administrator in said Identity System cookie for
said user;

allowing said user to use said Identity System as said administrator based on said 
identification of said administrator in said Identity System cookie for said user; and 

allowing said user to use said Access System to access resources based on an 
Access System cookie for the user, wherein the Access System cookie is separate from said 
Identification System cookie and the Access System cookie does not store an identification of 
said administrator. 

46. (Canceled) 

47. (Previously Presented) One or more processor readable storage devices 
according to claim 45, wherein: 

said step of accessing includes the steps of: 

storing said identification of said user in a second cookie, and 
said method further comprises the steps of 

receiving a request to terminate said user being a proxy for said
administrator,

accessing said identification of said user in said second cookie, and
storing said identification of said user in said Identification System cookie
for said user.

48. (Previously Presented) One or more processor readable storage devices
according to claim 47, wherein said step of allowing said user to use said Identity System as said 
administrator includes the steps of: 

receiving a request from said user to access a service;

accessing said identification of said administrator in said Identification System
cookie;

accessing attributes for said administrator based on said identification of said 
administrator in said Identification System cookie; and 

providing access to said service based on said attributes for said administrator. 

49. (Previously Presented) One or more processor readable storage devices 
according to claim 45, wherein: 

said steps of receiving, associating and allowing are performed without said user 
providing a password for said administrator. 